Oval Definition:oval:com.redhat.rhsa:def:20190818
Revision Date:2019-04-23Version:637
Title:RHSA-2019:0818: kernel security and bug fix update (Important)
Description:The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974)

  • Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer (CVE-2019-7221)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

  • rbd: avoid corruption on partially completed bios [rhel-7.6.z] (BZ#1672514)

  • xfs_vm_writepages deadly embrace between kworker and user task. [rhel-7.6.z] (BZ#1673281)

  • Offload Connections always get vlan priority 0 [rhel-7.6.z] (BZ#1673821)

  • [NOKIA] RHEL sends flood of Neighbour Solicitations under specific conditions [rhel-7.6.z] (BZ#1677179)

  • RHEL 7.6 - Host crash occurred on NVMe/IB system while running controller reset [rhel-7.6.z] (BZ#1678214)

  • [rhel7] raid0 md workqueue deadlock with stacked md devices [rhel-7.6.z] (BZ#1678215)

  • [PureStorage7.6]nvme disconnect following an unsuccessful Admin queue creation causes kernel panic [rhel-7.6.z] (BZ#1678216)

  • RFC: Regression with -fstack-check in 'backport upstream large stack guard patch to RHEL6' patch [rhel-7.6.z] (BZ#1678221)

  • [Hyper-V] [RHEL 7.6]hv_netvsc: Fix a network regression after ifdown/ifup [rhel-7.6.z] (BZ#1679997)

  • rtc_cmos: probe of 00:01 failed with error -16 [rhel-7.6.z] (BZ#1683078)

  • ACPI WDAT watchdog update [rhel-7.6.z] (BZ#1683079)

  • high ovs-vswitchd CPU usage when VRRP over VXLAN tunnel causing qrouter fail-over [rhel-7.6.z] (BZ#1683093)

  • Openshift node drops outgoing POD traffic due to NAT hashtable race in __ip_conntrack_confirm() [rhel-7.6.z] (BZ#1686766)

  • [Backport] [v3,2/2] net: igmp: Allow user-space configuration of igmp unsolicited report interval [rhel-7.6.z] (BZ#1686771)

  • [RHEL7.6]: Intermittently seen FIFO parity error on T6225-SO adapter [rhel-7.6.z] (BZ#1687487)

  • The number of unsolict report about IGMP is incorrect [rhel-7.6.z] (BZ#1688225)

  • RDT driver causing failure to boot on AMD Rome system with more than 255 CPUs [rhel-7.6.z] (BZ#1689120)

  • mpt3sas_cm0: fault_state(0x2100)! [rhel-7.6.z] (BZ#1689379)

  • rwsem in inconsistent state leading system to hung [rhel-7.6.z] (BZ#1690323)

    Users of kernel are advised to upgrade to these updated packages, which fix these bugs.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2019-6974
    CVE-2019-7221
    RHSA-2019:0818
    RHSA-2019:0818-01
    Platform(s):Red Hat Enterprise Linux 7
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 7 is installed
  • AND
  • kernel earlier than 0:3.10.0-957.12.1.el7 is currently running
  • OR kernel earlier than 0:3.10.0-957.12.1.el7 is set to boot up on next boot
  • AND
  • bpftool is earlier than 0:3.10.0-957.12.1.el7
  • AND bpftool is signed with Red Hat redhatrelease2 key
  • kernel is earlier than 0:3.10.0-957.12.1.el7
  • AND kernel is signed with Red Hat redhatrelease2 key
  • kernel-abi-whitelists is earlier than 0:3.10.0-957.12.1.el7
  • AND kernel-abi-whitelists is signed with Red Hat redhatrelease2 key
  • kernel-bootwrapper is earlier than 0:3.10.0-957.12.1.el7
  • AND kernel-bootwrapper is signed with Red Hat redhatrelease2 key
  • kernel-debug is earlier than 0:3.10.0-957.12.1.el7
  • AND kernel-debug is signed with Red Hat redhatrelease2 key
  • kernel-debug-devel is earlier than 0:3.10.0-957.12.1.el7
  • AND kernel-debug-devel is signed with Red Hat redhatrelease2 key
  • kernel-devel is earlier than 0:3.10.0-957.12.1.el7
  • AND kernel-devel is signed with Red Hat redhatrelease2 key
  • kernel-doc is earlier than 0:3.10.0-957.12.1.el7
  • AND kernel-doc is signed with Red Hat redhatrelease2 key
  • kernel-headers is earlier than 0:3.10.0-957.12.1.el7
  • AND kernel-headers is signed with Red Hat redhatrelease2 key
  • kernel-kdump is earlier than 0:3.10.0-957.12.1.el7
  • AND kernel-kdump is signed with Red Hat redhatrelease2 key
  • kernel-kdump-devel is earlier than 0:3.10.0-957.12.1.el7
  • AND kernel-kdump-devel is signed with Red Hat redhatrelease2 key
  • kernel-tools is earlier than 0:3.10.0-957.12.1.el7
  • AND kernel-tools is signed with Red Hat redhatrelease2 key
  • kernel-tools-libs is earlier than 0:3.10.0-957.12.1.el7
  • AND kernel-tools-libs is signed with Red Hat redhatrelease2 key
  • kernel-tools-libs-devel is earlier than 0:3.10.0-957.12.1.el7
  • AND kernel-tools-libs-devel is signed with Red Hat redhatrelease2 key
  • perf is earlier than 0:3.10.0-957.12.1.el7
  • AND perf is signed with Red Hat redhatrelease2 key
  • python-perf is earlier than 0:3.10.0-957.12.1.el7
  • AND python-perf is signed with Red Hat redhatrelease2 key
    • BACK